Risk Management Initiatives
The “Policy on Risk Control” established by the Board of Directors as an overall risk management policy, risk management policies regarding specific risks and internal organization for risk management and risk management structure have been formulated. Based on the Policy on Risk Control, the Executive Committee has established detailed rules and regulations related to risk management. The Bank’s risk management structure includes the Risk Management Division, which is responsible for supervising overall risk management activities, specific risk management divisions and the Internal Audit Division to perform internal audits. In addition, the Risk Management Committee and the Asset-Liability Management (ALM) Committee act as advisory bodies for the Executive Committee with respect to risk management.Risk Management Structure
Overall Management of Risk
The Bank observes its basic policies relating to overall Basic basic policies of risk management, which are governed by the Policy on Risk Control and Overall Risk Management Rules established under the policy. The Company comprehensively assesses risks for each risk category and manages them by comparing them with equity capital and controlling them.
The Bank observes its basic policies relating to credit risk, which are governed by the Policy on Risk Control and the Credit Risk Rules established under the policy. Currently, our risk management activities relating to credit risk are limited to the ATM settlement business, the ALM of interbank deposits placed with top-rated partner financial institutions, bonds, the lending of funds in the call-money market, temporary ATM payment amounts due and small personal loans to minimize credit risk. In addition, the Bank performs self-assessment of asset quality as appropriate and establishes an allowance for credit losses in accordance with its self-assessment and reserve policies and rules.
Basic policies related to marketability risk are governed by the Basic Policy on Risk Control and by the Market Risk Rules established thereunder. The Marketability Risk Rules include the limits on the maximum level of funds at risk, the market position limits and the loss allowance limits. The Risk Management Division measures and monitors market risk on a daily basis in light of these limits and reports the results to management, including the Executive Committee. At the ALM Committee meeting held once a month, the Bank's market risk position, expected trends in interest rates and other matters are reported and the policy for the risk management operation is determined.
The Bank observes its basic policies relating to liquidity risk, which are governed by the Basic Policy on Risk Control and the Liquidity Risk Rules established under the policy. The Liquidity Risk Rules include the limits regarding the cash gaps arising from differences between the period of the management of invested funds and the timing of the liquidation. The Liquidity Risk Rules establish limits regarding the cash gaps arising from differences between the duration of invested funds and those procured to meet current cash needs. The Risk Management Division measures and monitors liquidity risk on a daily basis in light of these limits and reports the results to management, including the Executive. In the event of a cash shortage, according to the measures corresponding to each scenario, which are designed prior to those events, companywide actions are taken to secure the liquidity in a fast and flexible manner. Hence, there shall be no concern on liquidity risk.
Overall Management of Operational Risk
The Bank observes its basic policies relating to operational risk, which are governed by the Basic Policy on Risk Control and the Operational Risk Rules established under the policy. The operational risks include, the Bank recognizes, administrative risk, systems risk, reputation risk, legal risk and other operational risks, and these risks have been managed comprehensively from a qualitative and a quantitative standpoint.
Seven Bank's business consists primarily of the execution of transactions, mainly through its ATM network, without involving face-to-face interaction. The Bank observes its Administrative Risk Rules, which were established in accordance with the Basic Policy on Risk Control, which includes a basic policy regarding administrative risks particularly due to this special characteristic of our business. To manage administrative risks, we have improved the administrative rules that are based on transactions without face-to-face interaction. In addition,Establishment of Risk Management Policy Decisions on the framework for management of reports and instructions submitted by the Board of Directors. Risk management system We strictly implement voluntary inspections by all businesses and centers, and internal audits by the Auditing Department, in order to prevent administrative errors and internal improprieties. To address any problem found through scandals, operation-related accidents, complaints and inquiries, the Bank has a system in place to quickly analyze the cause of such problems and determine measures to prevent their recurrence. Furthermore, by verifying administrative error reports and self-monitoring, the Bank strives to recognize the occurrence of administrative errors in all divisions and centers and manage administrative risk, including potential administrative risk.
The Bank observes its basic policies relating to systems risk, which are governed by the Basic Policy on Risk Control and the Systems Risk Rules established under the policy. The Bank seeks to thoroughly improve systems development efficiency, service quality and safe operation of systems. The system is configured by making full use of the latest IT (information technology) and by duplicating and multiplexing network and hardware equipment, and by implementing measures such as switching operation at the backup center in the event of a disaster or failure. Libraries such as files and programs are backed up as appropriate based on the relative importance to operations, and such backup data is stored offsite as a precaution against unforeseeable events. In addition, the Bank takes the utmost care in information management, including the use of firewalls to block unauthorized access to the Bank's system, monitoring access 24 hours/day and 365 days/year, encrypting all electronic transactions with customers, and employing antivirus software. In addition, we have established a contingency plan in advance to prepare for contingencies such as failure and natural disasters, and conduct regular drills so that our customers can use our services with peace of mind.
The Bank observes its basic policies relating to reputation risk, which are governed by the Basic Policy on Risk Control and the Reputation Risk Rules established under the policy. Efforts are made to gather information on rumors on a daily basis, and a company-wide communication system and timely and appropriate disclosure when rumors occur.
The Bank observes its basic policies relating to legal risk, which are governed by the Basic Policy on Risk Control and the Legal Risk Rules established under the policy. The Bank strives to minimize or prevent the manifestation of legal risks and address such risks accurately and efficiently to avert or minimize losses in the event that such risks materialize.
Other Operational Risks
The Bank observes its basic policies relating to other operational risks, which are governed by the Basic Policy on Risk Control. The major other operational risks recognized are human risk and tangible assets risk and have been managed.
Formulation of a Business Continuity Plan (BCP)
A bank with social responsibilities, Seven Bank has defined the ATM business, the fund settlement business serving banks and ATM partners, and deposit withdrawal and exchange operations as three priority businesses that must continue to operate even in the event of a large-scale disaster or accident.
Relevant divisions have created BCPs to enable continuity for these critical operations even if a disaster or accident occurs. In addition, we help ensure BCP execution by periodically conducting BCP drills in each division, assuming damage to a data center or other facility occurring in various time bands.
When the Great East Japan Earthquake occurred in March 2011, we established the Emergency Disaster Response Headquarters headed by the president in accordance with our basic policy for business continuity management (BCM). It held countermeasure meetings and decided on response policies and measures.